The Hacker News — Cyber Security, Hacking, Technology News

Last October, the social network 'LinkedIn' launched a controversial smartphone app called 'Intro' that intercepts and routes all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android, as well as iOS devices.

Why controversial? The app puts the security and privacy of your data entirely in the company’s hands. At the time, everyone criticized it and reacted negatively, but LinkedIn defended Intro, claiming that all information was fully encrypted and deleted from LinkedIn’s servers immediately.

Just two days back, I got an e-mail from LinkedIn with the subject line “We’re retiring LinkedIn Intro”, i.e. LinkedIn is giving up so quickly, just four months after the launch!

In a blog post today, LinkedIn SVP of products Deep Nishar explained, "We are shutting down LinkedIn Intro as of March 7, 2014. Intro was launched last year to bring the power of LinkedIn to your email Inbox on your iPhone. While Intro is going away, we will continue to work on bringing the power of LinkedIn to wherever our members work."

If you have installed the Intro app: LinkedIn says users will need to manually remove the functionality from their devices before March 7th for email to resume working correctly. You can continue to use Rapportive, a service that integrates LinkedIn into Gmail accounts and was acquired by LinkedIn for $15 million in February 2012.

How to Remove LinkedIn Intro app:

From your iPhone home screen, tap the iPhone Settings.

Tap the General section, then scroll down and tap the Profiles section.

Tap each profile that starts with Intro and remove all of them.

In addition to Intro, LinkedIn is also shutting down Slidecast, a service that enables SlideShare members to upload presentations with audio, by April 30, 2014. "Slidecast users will be able to download their Slidecasts until April 30 and can continue to share the non-audio portions of their presentations with their network on SlideShare.net," he said.

It was interesting to see that the Apple Store allows such a sniffing app to exist, but LinkedIn says the decision to shut down the service was its own. It appears, however, that LinkedIn may soon try a different method to integrate LinkedIn with users' email accounts.

Your LinkedIn profile is your digital resume. Yesterday, LinkedIn launched a new app for iOS devices called 'LinkedIn Intro'. With this feature, an email on your iPhone will display a picture of the sender, with useful profile info from LinkedIn.

Basically, to use the service, a LinkedIn user must route all of their emails (any provider, e.g. Hotmail, Gmail, Yahoo, etc.) through LinkedIn's 'Intro' servers, which will inject a fancy business-centric HTML profile right into your emails, as shown.

But this also means that LinkedIn is now able to read the complete content of your emails and can also store the passwords to users' external email accounts. The feature is enough to destroy the security and privacy of your emails.

Another point to note is that Apple does not provide any APIs or frameworks for developers that would allow this kind of modification of its interface. Instead, LinkedIn is acting as a ‘man in the middle’ by intercepting your email to inject that HTML code.

"Normally your device connects directly to the servers of your email provider (Gmail, Yahoo, AOL, etc.), but we can configure the device to connect to the Intro proxy server instead. The Intro proxy server speaks the IMAP protocol, just like an email provider, but it doesn’t store messages itself. Instead, it forwards requests from the device to your email provider, and forwards responses from the email provider back to the device. En route, it inserts Intro information at the beginning of each message body — we call this the top bar."

LinkedIn said that, during installation, the servers temporarily cache your password in order to add a new Mail account to your device, and your password is only cached for the length of time it takes to install Intro, and never for more than two hours.
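An added example (not from the original article or from LinkedIn): a check a defender could run over an unsigned iOS configuration profile to spot a mail account whose IMAP or SMTP host is not the email provider's own, which is how the proxy arrangement described above appears on the device. The provider allow-list, the sample profile and its hostnames are constructed for illustration; the payload type and key names are those of Apple's mail account payload.

```python
import plistlib

# Assumed allow-list: mail domain -> host suffixes that provider really uses.
PROVIDER_HOSTS = {
    "gmail.com": ("gmail.com", "googlemail.com"),
    "yahoo.com": ("yahoo.com",),
    "aol.com": ("aol.com",),
}
HOST_KEYS = ("IncomingMailServerHostName", "OutgoingMailServerHostName")


def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_profile(data):
    """Return (address, key, host) for mail servers outside the provider's domains."""
    profile = plistlib.loads(data)  # signed (CMS-wrapped) profiles must be unwrapped first
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mail.managed":
            continue  # only mail account payloads are relevant here
        address = payload.get("EmailAddress", "")
        domain = address.rpartition("@")[2].lower()
        # Unknown providers fall back to "host must sit under the mail domain".
        suffixes = PROVIDER_HOSTS.get(domain, (domain,))
        for key in HOST_KEYS:
            host = payload.get(key)
            if host and not host_matches(host, suffixes):
                findings.append((address, key, host))
    return findings


# Constructed sample: one direct account, one routed through a third-party host.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "office"},
        {"PayloadType": "com.apple.mail.managed", "EmailAddress": "alice@gmail.com",
         "IncomingMailServerHostName": "imap.gmail.com",
         "OutgoingMailServerHostName": "smtp.gmail.com"},
        {"PayloadType": "com.apple.mail.managed", "EmailAddress": "bob@yahoo.com",
         "IncomingMailServerHostName": "imap.mail-proxy.example",
         "OutgoingMailServerHostName": "smtp.mail.yahoo.com"},
    ],
})

if __name__ == "__main__":
    for address, key, host in audit_profile(SAMPLE):
        print(f"{address}: {key} points at {host}")
```
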

But is it secure? Amidst this criticism, Senior Software Engineer for LinkedIn Martin Kleppmann wrote a blog post explaining how the service’s security isn’t something people should be worried about.

He said that, in order to use the feature, users have to install the 'Intro' app manually of their own accord, and that usernames, passwords, OAuth tokens, and email contents are not permanently stored anywhere inside LinkedIn data centers. Instead, these are stored on your iPhone.

LinkedIn also sniffs the contents of users' iOS calendars, including sensitive information such as confidential meeting notes and call-in numbers, which are then transmitted in plain text, not encrypted.

But in the future, will they not comply with so-called U.S. secret orders to intercept user emails for the NSA intentionally under low pressure? Obviously they are and they will!